Spam bots defeat Recaptcha.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • AdrianH
    Senior Member
    • Sep 2007
    • 508

    Spam bots defeat Recaptcha.

    I have the Recaptcha system set up and also use the ISBot mod, in the last week I have had 14 spam bots seed the forum member list.

    these are the last 2 :

    beijmanli Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 58.17.147.112


    KaiyureBoy Email Address : [email protected]
    Birthday : January 1, 1980
    Referrer: N/A
    IP Address: 121.234.239.204

    A quick Google shows them as very prolific spammers,this is no manual entry campaign.

    Prior to v 3.7 I used the NO SPAM mod combined with ISBot and never had a single spammer succeed in joining the forum.
  • Vtec44
    Senior Member
    • Jan 2005
    • 1555
    • 3.7.x

    #2
    Did you have email verification on?
    So Cal Sportbike forum - So Cal Moto - Kawasaki Ninja 250R Forum - Custom vinyl decals - Southern California camping forum

    Comment

    • 5thfoot
      New Member
      • Oct 2007
      • 16
      • 3.7.x

      #3
      I have had these two as well, checked Google and looks like they have registered on at least 1,500 forums in the last 48 hours. I have email verification and Image verification active.

      beijmanli
      Email Address : [email protected]
      Birthday : January 1, 1980
      Referrer: N/A
      IP Address: 58.17.147.112


      KaiyureBoy
      Email Address : [email protected]
      Birthday : January 1, 1980
      Referrer: N/A
      IP Address: 121.234.239.204



      (and that 1,500 forums are the ones Google bothers to index on a daily basis, real number of infected forums must be vast)
      Last edited by 5thfoot; Tue 20 May '08, 11:44pm.

      Comment

      • vord
        New Member
        • Mar 2008
        • 23

        #4
        I've had the first one and some variations. Clever program - it appears to be reading the form field names on the registration form and submitting appropriately. Most robots don't seem to do that. Made me think it might be human.

        Rotating about different IPs across China, always using gmail.com email addresses, but seems to wait a bit before posting so I've been banning it before it gets the chance.

        Comment

        • Dv_
          New Member
          • Aug 2006
          • 19
          • 4.2.X

          #5
          Same for me... email verification and Image verification are active, but they have been able to register and post on my forum.

          Comment

          • Tolitz
            Senior Member
            • Dec 2000
            • 1371
            • 2.3.0

            #6
            Got these two on my forum as well, registering within 2 hours of each other yesterday... Banned their accounts immediately after I saw this thread...

            I am using reCaptcha, with email verification and even two required custom fields during registration... it's not just reCaptcha they're beating, it seems...

            - T
            OPEN TECH SUPPORT
            "Tech is our middle name!"

            Comment

            • 5thfoot
              New Member
              • Oct 2007
              • 16
              • 3.7.x

              #7
              back again now on my forum busy "modifying signature"

              different reg details:

              lovebeijgo
              Email Address : [email protected]
              Birthday : January 1, 1980
              Referrer: N/A
              IP Address: 222.183.128.26

              Comment

              • 5thfoot
                New Member
                • Oct 2007
                • 16
                • 3.7.x

                #8
                Anyway I have disabled new registrations on mine as I cannot give this my full attention today, and I'm worried that the spambot goes into overdrive!
                any help greatly appreciated (I'm on a shared server so probably limited options)


                (3.7, not using recaptcha, but the previous image verification)
                Last edited by 5thfoot; Wed 21 May '08, 2:34am. Reason: sp

                Comment

                • AdrianH
                  Senior Member
                  • Sep 2007
                  • 508

                  #9
                  Originally posted by Vtec44
                  Did you have email verification on?
                  Yes I have email verification on and so far they have not gone beyond the members list as I check the registrations at least twice a day and then delete anything obvious.

                  In v3.6.8 I had the DOB requirement, the image captcha, NO SPam and ISBOT running.

                  In v3.7 I had the DOB,Recaptcha and ISBOT mod (which still catches 100's a week.)

                  Now this bot is adding a DOB, running slowly enough to avoid the ISBOT mod and is reading or bypassing the Recaptcha.

                  I have also had it sign up as member " vBulletinBoy " which just rubs it in a bit further.

                  I have now switched to the question type verification and will see what that does.

                  Comment

                  • AdrianH
                    Senior Member
                    • Sep 2007
                    • 508

                    #10
                    Looking at the sheer volume of reports on Google I doubt it is anything but a BOT system , there would need to be 100's of people finding forums and typing manually to hit like this.

                    Comment

                    • blazeman
                      New Member
                      • Dec 2005
                      • 6
                      • 3.6.x

                      #11
                      Originally posted by CareyCrew
                      Looking at the sheer volume of reports on Google I doubt it is anything but a BOT system , there would need to be 100's of people finding forums and typing manually to hit like this.
                      Don't put it past spammers to hire people in low wage areas of the world to be doing just this.

                      I've also had these guys and deleted them as soon as the email came in with their membership.

                      I had a Jessie join yesterday and before we could see they were spamming they sent out 65 PMs... They were from the states (IP wise).

                      Ahh the fun battle of running a forum

                      Comment

                      • AdrianH
                        Senior Member
                        • Sep 2007
                        • 508

                        #12
                        Originally posted by blazeman
                        Don't put it past spammers to hire people in low wage areas of the world to be doing just this.

                        I had a Jessie join yesterday and before we could see they were spamming they sent out 65 PMs... They were from the states (IP wise).
                        May be that is what they are doing, they were on IP's from China for the last 5 attempts.

                        Comment

                        • El Burro
                          Banned
                          • Apr 2007
                          • 166
                          • 3.7.x

                          #13
                          I've had these bots join my forum.

                          They are bots because the joined my 3.6.8 forum which was renamed during an upgrade to 3.7.0 and is orphaned, but I hadn't deleted it.

                          That doesn't mean it's not a combination of bot/human.

                          1. Bots find the forum.
                          2. Humans register
                          3. Bot spams.


                          What can you do if this is the case?

                          Have vbulletin keep a list of e-mail addresses of known forum spammers.
                          Which we can add to.
                          That is checked during registration?

                          It might help?

                          Comment

                          • 5thfoot
                            New Member
                            • Oct 2007
                            • 16
                            • 3.7.x

                            #14
                            just checking Google again for the usernames mentioned and it is climbing at an alarming rate - 10,000, every one I click on is a different forum.

                            think this could be a major spam event in the making ?

                            Comment

                            • boogie box high
                              Senior Member
                              • Jul 2004
                              • 200
                              • 3.6.x

                              #15
                              Originally posted by CareyCrew
                              I have the Recaptcha system set up and also use the ISBot mod, in the last week I have had 14 spam bots seed the forum member list.

                              these are the last 2 :

                              beijmanli Email Address : [email protected]
                              Birthday : January 1, 1980
                              Referrer: N/A
                              IP Address: 58.17.147.112


                              KaiyureBoy Email Address : [email protected]
                              Birthday : January 1, 1980
                              Referrer: N/A
                              IP Address: 121.234.239.204

                              A quick Google shows them as very prolific spammers,this is no manual entry campaign.

                              Prior to v 3.7 I used the NO SPAM mod combined with ISBot and never had a single spammer succeed in joining the forum.
                              Yes, I have posted it in another thread a few days ago.
                              I have the same issue also with Q&A function, I had over 10 signups on Sunday and have disabled Q&A function then. Pretty useless.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...